Lucene search
UbuntuUSN-795-1HistoryJul 02, 2009 - 12:00 a.m.
Nagios vulnerability
2009-07-0200:00:00
ubuntu.com
34
6.9 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.97 High
EPSS
Percentile
99.7%
Releases
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
Packages
- nagios2 -
- nagios3 -
Details
It was discovered that Nagios did not properly parse certain commands
submitted using the WAP web interface. An authenticated user could exploit
this flaw and execute arbitrary programs on the server.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.04 | noarch | nagios3 | < 3.0.6-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | nagios3-dbg | < 3.0.6-2ubuntu1.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | nagios3 | < 3.0.2-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 8.10 | noarch | nagios3-dbg | < 3.0.2-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 8.04 | noarch | nagios2 | < 2.11-1ubuntu1.5 | UNKNOWN |
| Ubuntu | 8.04 | noarch | nagios2-dbg | < 2.11-1ubuntu1.5 | UNKNOWN |
References
Related
dsquare
dsquare
Nagios 3.1.0 RCE
2012-01-30 00:00:00
nessus
nessus
SuSE 10 Security Update : nagios (ZYPP Patch Number 6356)
2009-09-24 00:00:00
openSUSE Security Update : nagios (nagios-1102)
2009-07-31 00:00:00
Debian DSA-1825-1 : nagios2, nagios3 - insufficient input validation
2010-02-24 00:00:00
debian
debian
ubuntucve
ubuntucve
CVE-2009-2288
2009-07-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Nagios statuswml.cgi Command Execution (CVE-2009-2288)
2013-12-02 00:00:00
packetstorm
packetstorm
Nagios3 statuswml.cgi Ping Command Execution
2009-10-30 00:00:00
saint
saint
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
openvas
openvas
Ubuntu USN-795-1 (nagios3)
2009-07-06 00:00:00
Debian: Security Advisory (DSA-1825-1)
2009-07-06 00:00:00
Ubuntu: Security Advisory (USN-795-1)
2009-07-06 00:00:00
freebsd
freebsd
nagios -- Command Injection Vulnerability
2009-05-29 00:00:00
canvas
canvas
Immunity Canvas: NAGIOS_PING
2009-07-01 13:00:00
securityvulns
securityvulns
[USN-795-1] Nagios vulnerability
2009-07-03 00:00:00
prion
prion
Code injection
2009-07-01 13:00:00
cve
cve
CVE-2009-2288
2009-07-01 13:00:00
gentoo
gentoo
Nagios: Execution of arbitrary code
2009-07-19 00:00:00
6.9 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.97 High
EPSS
Percentile
99.7%
Related for USN-795-1